Monthly Azure news – June 2020

This month we are bringing you the news from the Azure and Cloud Native world and hope you will enjoy some of the updates as much as we do.

Microsoft and Docker extend their partnership

Microsoft and Docker are working together on new methods for deploying containers in Azure. The goal was to make Container applications more consistent and reproducible. Applications are often started and ended faster at runtime, which often helps them to be started, ended, scaled up, and updated faster in the Cloud. The integration of Docker Desktop, Microsoft Azure and the Visual Studio product line has enabled developer’s better productivity. To find out more details visit the Microsoft Azure blog.


Azure Service Operator for Kubernetes

A Kubernetes operator to manage Azure resources – manages your application together with your infrastructure in a GitOps approach. As Kubernetes adoption grows fast, Microsoft has also recognized the potential in managing customer resources exclusively through the Kubernetes control plane. Moreover, Kubernetes operators make Azure services easily accessible from Kubernetes clusters in any Cloud in that way enabling developers to focus more on their applications and less on their infrastructure.

Check out the blog post of our team member Nico to gain more insights on Azure Service Operator.

Azure DevOps Provider for Terraform

Azure DevOps Provider 0.0.1 for Terraform has been released. The provider enables you to manage Azure DevOps resources like projects, CI/CD pipelines and build policies through Terraform. Infrastructure as Code (IaC) tools like Terraform have become a popular way to standardize the deployment of the Cloud infrastructure. Using the Azure DevOps Provider for Terraform, you can model and manage the DevOps for your project. This means that the description of Azure DevOps repositories, service connections, pipelines, variable groups, groups, group memberships, and many other can be committed as source code and managed through Terraform in a consistent and repeatable way.

Super-Linter by GitHub

Super-Linter is a simple combination of various linters, written in bash, to help validate your source code. Super-linter helps you with:

  • Preventing broken code from being uploaded to the default branch
  • Helping establish coding best practices across multiple languages
  • Building guidelines for code layout and format
  • Automating the process to help streamline code reviews

The design of the Super-Linter currently allows linting of various languages to occur in GitHub Actions as a part of continuous integration occurring on pull requests as the commits get pushed. This said, it’s not limited to GitHub Actions and can also be used with Azure DevOps Pipelines and others.

Azure Monitor for Key Vault is now in preview

Get comprehensive monitoring of your key vaults together with your Azure Key Vault performance, requests, failures, and latency by using Azure Monitor for Key Vault (in preview). Key Vault insights offers:

  • At-scale perspective displays an image-like view of performance based on the requests, breakdown of failures, as well as an overview of the operations and latency
  • Drill-down analysis of a specific key vault to perform an in-depth analysis
  • The ability to pin charts in the workbook to Azure dashboards
  • Integration with Azure Monitor Logs for additional data on your Azure Key Vault activity

Azure Pipelines now supports Linux/ARM64

Azure Pipelines now supports Linux/ARM64 as a new agent type.

Azure Kubernetes Service (AKS) support for proximity placement groups is now available

One of the factors affecting AKS application latency performance is network latency due to the physical distance between agent nodes. To help alleviate this, you now have the capability to associate a proximity placement group with an AKS node pool in order to co-locate agent nodes and minimize node-to-node latency. This enables AKS to support latency-sensitive workloads in critical business scenarios.

Azure Monitor for Containers support for Azure Arc is in preview

Azure Monitor for Containers is now extending monitoring support for Kubernetes clusters hosted on Azure Arc. This support is currently in preview. Azure Monitor for Containers on Azure Arc-enabled Kubernetes gives you similar capabilities as Azure Kubernetes Service (AKS) monitoring, such as:

  • Performance visibility by collecting memory and processor metrics from controllers, nodes, and containers that are available in Kubernetes
  • Visualization through workbooks and in the Azure portal
  • Alerting and querying historical data for troubleshooting issues
  • Capability to scrape Prometheus metrics.

Azure Kubernetes Service upgrade improvements are now in preview

Upgrading is a common operation required for all Kubernetes workloads. Two new Azure Kubernetes Service (AKS) upgrade capabilities that will improve the granularity and efficiency of regular Kubernetes upgrade operations are now in preview.

  • Node image upgrade enables you to update node-level components such as the container runtime or OS updates without going through a full Kubernetes upgrade. Use this capability to initiate a targeted upgrade to agent nodes for a given node pool to pull the latest available node updates and patches without requiring a full cluster upgrade.
  • Max surge enables faster upgrades by taking advantage of multiple new buffer nodes to concurrently replace older nodes. Instead of replacing a single node at a time, you can now customize your own max surge value per node pool to define how many concurrent replacements occur.

Azure Policy support for Azure Cosmos DB is now available

Azure Cosmos DB resource governance can now be implemented with Azure Policy. Use this capability to create Azure Policy assignments based on built-in or custom policy definitions to enforce rules and effects on Azure Cosmos DB resources. Example policy assignments include:

  • requiring features such as Advanced Threat Protection to be enabled on Azure Cosmos DB accounts
  • auditing Azure Cosmos DB resources for compliance with organizational standards on throughput or other properties
  • securing data by enforcing network access safeguards such as IP filter rules, virtual network endpoints, or limiting the amount of throughput (RU/s).